McAfee: Spam Falls, but Malware Still King

Some 60,000 new malware threats were detected each day on average during the third quarter of 2010, a number McAfee says is nearly four times the daily average in 2007.

Spam might have slipped, but malware authors were as busy as ever during the third quarter of the year, according to McAfee.
In the "McAfee Threats Report: Third Quarter 2010"
(PDF), the company notes that even though spam declined, an average of
60,000 new malware threats were identified each day, which
is nearly four times the 16,000 detected per day in 2007. In
addition, McAfee has already identified more than 14 million
unique pieces of malware, "well over a million more" than at the
same time last year, according to the report.

During the quarter, McAfee notes, the security community discovered the Stuxnet worm,
which many consider to be one of the most sophisticated pieces of
malware in the world. But grabbing nearly as much media
attention during the quarter was the infamous Zeus Trojan, which
moved from just targeting PCs to going after mobile devices.

"We saw several e-mail campaigns that tried to deliver either Zeus
itself or the Bredolab Trojan, which will download several kinds of
malware," the report notes, citing spam campaigns exploiting FedEx,
Western Union and other brands.
The attackers sometimes used graphics in their e-mails as opposed to
text in an attempt to dodge spam filters, McAfee added. Sixty percent
of the Zeus spam spoofing messages from eFax came from the United
States, the report found.
In September, law enforcement officers around the world arrested dozens of people involved in a cyber-crime ring pushing the Zeus Trojan.
Meanwhile, the Cutwail botnet was particularly busy, accounting for
more than 50 percent of botnet traffic in every country. Cutwail bots
were involved in distributed denial-of-service attacks against more
than 300 Websites, including sites for the FBI and CIA as well
as Twitter and PayPal.
Additionally, 60 percent of the top 10 Google search terms returned malicious sites within the top 100 results.
"Due to its success, ease of use and implementation, we expect
search engine and term abuse to continue for years to come," the report
says. "Users must consider how they surf, how they search and how they
look for news online."
Mike Gallagher, senior vice president and chief technology officer
of Global Threat Intelligence for McAfee, said the report illustrates
that cyber-criminals are becoming more savvy - and their attacks are
becoming more severe.
"Cyber-criminals are doing their homework, and are aware of what's
popular, and what's insecure," he said, in a statement. "They are
attacking mobile devices and social networking sites, so education
about user activity online, as well as incorporating the proper
security technologies are of utmost importance."